Privacy Policy 

Last modified: October 10, 2025

INTRODUCTION

OIT Diary and our affiliates and subsidiaries, if any ("Company" or "We") respect your privacy and are committed to protecting it by complying with this policy.

This policy describes:

- The types of information we may collect or that app users ("you") may provide when you purchase, download, install, register with, access, or use OIT Diary (the "App").

- Our practices for collecting, using, maintaining, protecting, and disclosing that information.

We will only use your personal information and personal health information in accordance with this policy unless otherwise required by applicable law. We take steps to ensure that the personal information that we collect about you is adequate, relevant, not excessive, and used for limited purposes. Privacy laws in Canada generally define "personal information" as any information about an identifiable individual, which includes information that can be used on its own or with other information to identify, contact, or locate a single person. Personal information does not include business contact information, including your name, title, or business contact information.

This policy applies only to information we collect in this App and/or in email, text, and other electronic communications sent through or in connection with this App.

This policy DOES NOT apply to information that:

- we collect offline or on any other Company apps or websites, including websites you may access through this App; or

- you provide to or is collected by any third party (see Third-Party Information Collection).

Other websites and apps, and these third parties may have their own privacy policies, which we encourage you to read before providing information on or through them.

Please read this policy carefully to understand our policies and practices for collecting, processing, and storing your information. If you do not agree with our policies and practices, do not download, register with, or use this App. By downloading, registering with, or using this App, you indicate that you understand, accept, and consent to the practices described in this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this App after we make changes indicates that you accept and consent to those changes, so please check the policy periodically for updates. We will notify you in advance of any material changes to this policy and obtain your consent to any new ways that we collect, use, and disclose your personal information.

The Company acts as an Agent (as defined under section 2 of the Personal Health Information Protection Act, 2004 (PHIPA)) of the following Health Information Custodian(s): Samira Jeimy Medicine Professional Corporation. In this role, the Company collects, uses, discloses, and protects personal health information (as defined herein) in accordance with PHIPA and this Privacy Policy.

This Privacy Policy constitutes our written public statement required by PHIPA. It describes (i) our information practices, (ii) how to contact our Privacy Officer, (iii) how an individual may obtain access to or request correction of their PHI, and (iv) how to make a complaint to us or to the Information and Privacy Commissioner of Ontario (“IPC”).

INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT

We collect information about you through:

- Direct interactions with you when you provide it to us, for example, by filling in forms or corresponding with us.

- Automated technologies or interactions, when you use the App, for example, usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.

The types of information that we collect include:

- Personal information that we can reasonably use to directly or indirectly identify you, such as your name, mailing address, email address, telephone number, internet protocol (IP) address, user name or other similar identifier, and account information, and any other identifier we may use to contact you, with the exception of any personal health information ("personal information").

We provide an opportunity for any user to unsubscribe from our collection of any personal information or opt out of contact for marketing or any other purposes on an ongoing basis by emailing oitdiary@gmail.com.

- Personal health information, meaning any identifying information about you that relates to your physical or mental health, the provision of health care, payments or eligibility for health care, your health number, any donation of body parts or bodily substances, or information that identifies your substitute decision-maker, as those terms are defined under PHIPA (“personal health information”). Personal health information also includes any other information that is reasonably capable of identifying an individual when combined with other data.

- Non-personal information that does not directly or indirectly reveal your identity or directly relate to an identified individual, such as demographic information, or statistical or aggregated information. We may derive non-personal statistical or aggregated data from personal information. For example, we may aggregate personal information to calculate the percentage of users accessing a specific app feature.

- Technical information, including your login information, device type, time zone setting, and usage details.

Information You Provide to Us

When you download, register with, or use this App, we may ask you to provide:

- Information you provide by filling in forms or inputting data directly into the App. This includes information you provide when registering to use the App, subscribing to our service, posting material, and/or requesting further services. This may also include personal information or personal health information you input into the App from time to time. We may also ask you for information when you report a problem with the App.

- Records and copies of your correspondence, including email addresses and phone numbers, if you contact us.

CONSENT FRAMEWORK (PERSONAL HEALTH INFORMATION)

Your Consent.

- Knowledgeable Consent. We collect, use, or disclose your personal health information only with your knowledgeable consent, unless otherwise permitted or required under PHIPA or other applicable legislation.

- Form of Consent. Consent may be express (written, verbal, or electronic) or implied where PHIPA allows. Express consent is required before we disclose personal health information to a person who is not a health information custodian.

- Withdrawing or Limiting Consent. You may withdraw or limit your consent at any time by (1) adjusting your privacy settings in the App, or (2) contacting our Privacy Officer (see “Contact Us” below). Your decision will be respected from the date we receive your request and will not be applied retroactively. We will advise you of any services that may be unavailable as a result.

- Consent for Minors. Notwithstanding anything to the contrary in this Privacy Policy, for individuals under 16 years of age, consent is obtained in accordance with section 23 of PHIPA (see “Children and Youth”) below.

HOW WE USE YOUR INFORMATION

We use information that we collect about you or that you provide to us, including any personal information and personal health information (as applicable):

- To provide you with the App and its contents.

- To provide you with information or services that you request from us.

- To fulfill the purposes for which you provided it or that were described when it was collected or any other purpose for which you provide it.

- To carry out our obligations and enforce our rights in any contract with you, including for billing and collection or to comply with legal requirements.

- To notify you when App updates are available, and of changes to any products or services we offer or provide though it.

- To improve our App, products or services, or customer relationships and experiences.

- For any other purpose with your consent.

DISCLOSURE OF YOUR INFORMATION

We may disclose personal information that we collect, or you provide as described in this privacy policy:

- To fulfill the purpose for which you provide it.

- For any other purpose we disclose when you provide the information.

- With your consent.

- To comply with any court order, law, or legal process, including to respond to any government or regulatory request, according to applicable law.

- To enforce our rights arising from any contracts between you and us.

- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Company, our customers, or others. This includes exchanging information with other companies and organizations for fraud prevention and credit risk reduction.

TRANSFERRING YOUR PERSONAL INFORMATION

We may transfer personal information that we collect or that you provide us to contractors, service providers, and other third parties we use to support the App (such as analytics providers that assist us with App improvement and optimization) and who are contractually obligated to keep personal information confidential, to use it only for the purposes for which we disclose it to them, and to process the personal information with the same standards set out in this policy.

We may process, store, and transfer your personal information in and to other countries with different privacy laws that may or may not be as comprehensive as Canadian law. In these circumstances, the governments, courts, law enforcement, or regulatory agencies of that country may be able to obtain access to your personal information. Whenever we engage a service provider, we require that its privacy and security standards comply with this policy and applicable Canadian laws.

You are welcome to contact us to obtain further information about Company policies regarding service providers outside of Canada. See Contact Information and Challenging Compliance.

By submitting your personal information or engaging with the App, you consent to this transfer, storage, or processing.

TRANSFERRING YOUR PERSONAL HEALTH INFORMATION

We may transfer your personal health information to contractors, service providers and other third parties (including cloud hosting providers) who perform services on our behalf. All such service providers are bound by written agreements that require them to:

- Comply with PHIPA and this Privacy Policy;

- Use the personal health information only for the purposes specified in our contract; and

- Implement comparable security safeguards.

Personal health information may be processed outside Ontario or Canada. While in another jurisdiction, personal health information may be subject to foreign laws and lawful access requests, but contractual and technical measures are in place to safeguard it. You may request more information by contacting our Privacy Officer.

DATA SECURITY

The security of your personal information and personal health information is very important to us. We use physical, electronic, and administrative measures designed to secure your personal information and personal health information from accidental loss and from unauthorized access, use, alteration, and disclosure. With the exception of personal health information, which is stored locally on your device, we store all information you provide to us behind firewalls on our secure servers. Any payment transactions will be encrypted. All login credentials, including your email and password, are securely managed by Firebase Authentication.

With regards to personal health information, we maintain administrative, technical, and physical safeguards in compliance with PHIPA, including, but not limited to:

- Encryption of PHI at rest and in transit using industry-standard algorithms;

- Multi-Factor Authentication for all staff and service-provider access;

- Role-Based Access Controls ensuring employees see only the PHI necessary for their duties;

- Automated Audit Logs capturing every view, addition, modification, or export of PHI;

- Annual Privacy and Security Risk Assessments and quarterly vulnerability testing;

- Mandatory Privacy Training for employees and contractors; and

- Contractual Protections requiring service providers to meet PHIPA-compliant security standards.

The safety and security of your information also depends on you. Where we have given you (or you have chosen) a password for access to certain parts of our App, you are responsible for keeping it confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet and mobile platforms is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted through the App. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any App privacy settings or security measures.

BREACH NOTIFICATION (PERSONAL HEALTH INFORMATION)

If personal health information in our custody or control is stolen, lost, or accessed, used, or disclosed without authorization, we will:

- Notify the affected individual(s) at the first reasonable opportunity, including information on steps to mitigate potential harm;

- Notify the IPC where required under PHIPA; and

- Maintain records of the incident and corrective actions taken.

DATA RETENTION

Except as otherwise permitted or required by applicable law or regulation, we will only retain your personal information for as long as necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Under some circumstances we may anonymize or aggregate your personal information so that it can no longer be associated with you. We reserve the right to use such anonymous and de-identified data for any legitimate business purpose without further notice to you or your consent.

For clarification, all personal health information you provide is stored locally on your device. The Company will not collect, transmit or share personal health information unless explicitly instructed by you to do so.

CHILDREN UNDER AND YOUTH (UNDER THE AGE OF 16)

Our App is not intended for children under 13 years of age without parental consent. No one under age 13 may provide any personal information and/or personal health information to or on the App without parental consent. We do not knowingly collect personal information or personal health information from children under 13 without verified parental consent. If you are under 13, do not use or provide any information on this App or on or through any of its features/register on the App, make any purchases through the App, use any of the interactive or public comment features of this App, or provide any information about yourself to us, including your name, address, telephone number, email address, or any user name you may use without first obtaining parental consent. If we learn we have collected or received personal information and/or personal health information from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at oitdiary@gmail.com.

For individuals who are at least 13 but under 16 and capable of making their own health decisions, their consent to collect, use, or disclose personal health information will prevail over any conflicting decision of a parent or guardian, in accordance with PHIPA. Parents or guardians may access the personal health information of a child under 16 unless the child is capable of consenting and objects to such access. We will follow the guidance set out in PHIPA when evaluating such requests.

ACCESSING AND CORRECTING YOUR PERSONAL INFORMATION

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes. By law you have the right to request access to and to correct the personal information that we hold about you.

You can review and change your personal information by logging into the App and visiting your account profile page.

We may request specific information from you to help us confirm your identity and your right to access, and to provide you with the personal information that we hold about you or make your requested changes. Applicable law may allow or require us to refuse to provide you with access to some or all of the personal information that we hold about you, or we may have destroyed, erased, or made your personal information anonymous in accordance with our record retention obligations and practices. If we cannot provide you with access to your personal information, we will inform you of the reasons why, subject to any legal or regulatory restrictions.

We will provide access to your personal information, subject to exceptions set out in applicable privacy legislation. Examples of such exceptions include:

- Information protected by solicitor-client privilege.

- Information that is part of a formal dispute resolution process.

- Information that is about another individual that would reveal their personal information or confidential commercial information.

- Information that is prohibitively expensive to provide.

If you are concerned about our response or would like to correct the information provided, you may contact us at oitdiary@gmail.com.

ACCESSING YOUR PERSONAL HEALTH INFORMATION

You can access and correct your personal health information as follows:

- Submit a Request. Send a written request to the Company at oitdiary@gmail.com. Please identify the records you seek as precisely as possible.

- Our Response. We will respond in writing within 30 days, either (a) providing access, (b) advising of any permissible extensions, or (c) explaining any lawful refusal.

- Correction Requests. If you believe a record is inaccurate or incomplete, you may request a correction. We will amend the record or append your written statement of disagreement where a correction is not made.

- Exceptions. Access may be denied only in the limited circumstances set out in PHIPA. In such a case, you will receive written reasons and information on appeal rights to the IPC.

- No Fee for Access. We do not currently charge a fee for access or correction.

WITHDRAWING YOUR CONSENT

Where you have provided your consent to the collection, use, and transfer of your personal information, you may have the legal right to withdraw your consent under certain circumstances. To withdraw your consent, if applicable, contact us at oitdiary@gmail.com. Please note that if you withdraw your consent, we may not be able to provide you with a particular product or service. We will explain the impact to you at the time to help you make your decision.

CHANGES TO OUR PRIVACY POLICY

We may update our privacy policy from time to time. It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' personal information, we will post the new privacy policy on this page and notify you by email to the primary email address specified in your account.

We include the date the privacy policy was last revised at the top of the page. You are responsible for ensuring we have an up-to-date, active, and deliverable email address for you, and for periodically visiting this privacy policy to check for any changes.

CONTACT INFORMATION AND CHALLENGING COMPLIANCE

We welcome your questions, comments, and requests regarding this privacy policy and our privacy practices. Please contact us at oitdiary@gmail.com.

We have procedures in place to receive and respond to complaints or inquiries about our handling of personal information and our compliance with this policy and with applicable privacy laws. If you have any questions about this Privacy Policy, wish to exercise your personal health information rights, or have a concern about our privacy practices, please contact the Privacy Officer. If you are not satisfied with our response, you may file a written complaint with the Information and Privacy Commissioner of Ontario: www.ipc.on.ca; Toll-free 1-800-387-0073`;